Closed Bug 590774 Opened 9 years ago Closed 9 years ago

Crash [@ js::ASTSerializer::function] with Reflect.parse("function::x")

Categories

(Core :: JavaScript Engine, defect, critical)

x86
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: dherman)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase, Whiteboard: fixed-in-tracemonkey)

Crash Data

Attachments

(1 file)

Reflect.parse("function::x")

Thread 0 Crashed:
0   js::ASTSerializer::function(JSParseNode*, js::ASTType, js::Value*) + 17
1   js::ASTSerializer::expression(JSParseNode*, js::Value*) + 411
2   js::ASTSerializer::expression(JSParseNode*, js::Value*) + 4952
3   js::ASTSerializer::expression(JSParseNode*, js::Value*) + 2090
4   js::ASTSerializer::statement(JSParseNode*, js::Value*) + 473
5   js::ASTSerializer::sourceElement(JSParseNode*, js::Value*) + 31
6   js::ASTSerializer::statements(JSParseNode*, js::Vector<js::Value, 8ul, js::ContextAllocPolicy>&) + 147
7   js::ASTSerializer::program(JSParseNode*, js::Value*) + 127
8   __ZL13reflect_parseP9JSContextjP12jsval_layout + 578
9   js::Interpret(JSContext*) + 87657
10  js::Execute(JSContext*, JSObject*, JSScript*, JSStackFrame*, unsigned int, js::Value*) + 1728
11  JS_ExecuteScript + 143
12  __ZL7ProcessP9JSContextP8JSObjectPci + 1337
13  __ZL11ProcessArgsP9JSContextP8JSObjectPPci + 2277
14  shell(JSContext*, int, char**, char**) + 261
15  main + 252 (js.cpp:5146)
16  _start + 209
17  start + 41
Blocks: 590820
Assignee: general → dherman
Attachment #469843 - Flags: review?(cdleary)
Comment on attachment 469843 [details] [diff] [review]
implements function::identifier SpiderMonkey extension

I despise this particular extension, but the patch looks good. :-)
Attachment #469843 - Flags: review?(cdleary) → review+
http://hg.mozilla.org/tracemonkey/rev/e622deef587d
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/e622deef587d
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Crash Signature: [@ js::ASTSerializer::function]
E4X has been removed, so we won't add the test.
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.